It was discovered that the e1000 emulation code in QEMU does notenforce frame size limits in the same way as the real hardware does.This could trigger buffer overflows in the guest operating systemdriver for that network card, assuming that the host system does notdiscard such frames (which it will by default).

For the stable distribution (squeeze), this problem has been fixed inversion 0.12.5+dfsg-3squeeze3.

For the unstable distribution (sid), this problem has been fixed inversion 1.1.2+dfsg-4.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: http://www.debian.org/security/